Is your company's data secure from cyberattacks? How do you know? Do you know the tools and practices that help keep your system safe?
With the average cost of a data breach in 2022 being $4.35 million, cybersecurity is now a significant concern for many businesses.
Many cyber insurance companies now require clients use specific cybersecurity tools and procedures. As a result, potential clients must prove they have foundational practices before qualifying for coverage.
WEBIT Services has helped hundreds of clients build effective cybersecurity strategies. It believes that knowledge is the first step in creating solid security practices.
Within this article, you will find self-assessment questions from a cyber insurance form. You can read explanations for each question. In addition, you will learn what tools and practices indicate solid cybersecurity.
Cybersecurity self-assessment
The following questions are divided into two groups. They are: protecting your network and protecting your employees from cyberattacks.
If you answer "no" to any of these questions, talk to your IT provider or internal IT team to see what you can do to implement the missed tools or protocols.
Do you take the following steps to protect your network from cyberattacks?
Network protection is a critical part of a sound cybersecurity system. Once a cybercriminal has access to your network, they can wreak havoc on all connected systems and technology. Setting up quality network defenses is the first step.
Answer the following questions to see if your network is adequately protected.
1. Do you apply security patches within 30 days of their release?
Security patches and updates address vulnerabilities in software and hardware. If a new vulnerability is discovered, the manufacturer works to correct it. Updates "patch" up the security "hole."
As such, it's essential to apply patches and updates within a month of their release to protect your network. Otherwise, cybercriminals have an easy way inside.
2. Do you tag external emails to alert employees that the message originated outside your organization?
External emails are potentially spam or phishing emails from cybercriminals. A system that tags external messages gives employees a heads-up to take extra care opening these messages, particularly if it's from an unknown sender.
3. Do you implement SPF, DKIM, and DMARC to protect against phishing messages?
SPF (Sender Policy Framework), DKIM (Domain Keys Identified Mail), and DMARC (Domain-based Message Authentication Reporting) are all email protocols to verify email domains.
Essentially, they check to ensure the email is from a real email server or website.
All three protocols work together to prevent spam and phishing emails from your inboxes.
4. Do you utilize web filtering to block access to known malicious sites?
If a website is known to carry a high risk of viruses or malware, it should be blocked to prevent network infection.
5. Do you segment your network based on the classification level of the information stored on your IT systems?
Specific systems should be locked off each other based on the information they hold and which departments need access. Segmenting your network like this helps isolate infections instead of spreading them through the entire network.
For example, the marketing team likely did not need access to the finance team's files and shared drives and vice versa. Therefore, these systems will remain separate on your network.
If someone on the marketing team accidentally downloads malware or exposes their system to ransomware, the attack is isolated to the marketing team's system.
6. Can you confirm that you do not utilize End of Life operating systems or platforms?
End of Life technology is no longer supported by the manufacturer and no longer receives security updates. This older technology is unreliable, and the lack of security updates also creates preventable vulnerabilities.
7. Can you confirm that you use an advanced endpoint detection and response tool (EDR) on all endpoints and servers?
EDR tools continually monitor "endpoints" (i.e., any device that connects to the internet) to detect and alert users to suspicious behavior and cyber threats, including infection.
8. Do you utilize a SIEM monitored 24x7 by a SOC?
SIEM stands for "Security Information and Event Management." It helps identify potential security threats before they can disrupt your systems and business productivity.
A SOC is a Security Operations Center, a group of people, processes, and technology that analyze information collected by the SIEM. This team takes action based on the threats detected by the SIEM.
9. Do you have a process for decommissioning unused systems?
Cybersecurity isn't only concerned with utilized technology; decommissioned technology can pose security risks.
For example, retired computers, devices, and hard drives must be wiped so outsiders cannot access your network or confidential files.
Employees who leave the company must have all access revoked. This way, no one can use their credentials and enter your network.
10. Do you use an Advanced Email Threat Protection add-on?
Advanced Email Threat Protection add-ons help identify and catch spam and phishing email attempts.
Examples of these systems include but are not limited to: Microsoft Defender for Office 365, Proofpoint, Fortinet Secure Email Gateway, and Cisco Email Security.
Do you take the following steps to protect your employees from cyberattacks?
Human intelligence and resourcefulness are still our greatest tools for quality cybersecurity. Tools help prevent or detect cyberattacks, but tools are only as strong as your least tech-savvy employee.
Answer the following questions to help determine if your employees are prepared for cybersecurity success.
1. Do you conduct regular security awareness training?
You can't teach effective cybersecurity in a single session.
Because technology is constantly changing, so are cyberattacks and cybersecurity methods. To address changes, employees should have regular cybersecurity training.
These sessions should focus on detected weaknesses or poor practices that can be corrected.
2. Do you conduct regular phishing campaigns?
Employees should learn how to recognize phishing emails. This will help prevent their falling prey to social engineering.
Cybercriminals use social engineering to convince users to unwittingly give up their login credentials. Once they have user credentials, cybercriminals can access your network to steal data or launch an attack that shuts down critical systems.
Your IT provider or internal IT team can help build fake phishing emails to test employees. Both click and report rates are tracked to show employee awareness and the effectiveness of your security training.
3. Do you ensure employees utilize lease privilege at all times and do not operate as local administrators?
Employees should only have access to the network areas, files, and shared drives needed to do their jobs.
Isolating network areas helps prevent the spread of a cyberattack.
Employees should not have access to settings or drives that can affect others or the network.
4. Do you require Multi-Factor Authentication for remote access to the network, Cloud resources, Remote Desktop Protocol, etc.?
Multi-factor authentication adds an additional layer of security when logging into your network or accounts.
Even if a cybercriminal gets an employee's login credentials, they cannot log in unless they also have the authentication code.
If a password is a lock on the door to your network, multi-factor authentication is the deadbolt.
Next steps for building your cybersecurity strategy
If you answered "Yes" to all fourteen questions, congratulations! You have a solid cybersecurity foundation.
Talk to your IT provider or internal IT team if you'd like to continue building on that foundation to reduce your risk.
If you cannot answer "Yes" to these questions, there are some areas for improvement within your cybersecurity strategy.
Talk to your IT provider about the tools, procedures, and strategies you can add to your current cybersecurity setup.
In addition to your current practices, your IT provider should run quarterly risk assessments to discover vulnerabilities within your organization and recommend solutions.
If your provider or internal team is not doing risk assessments or bringing you the reports and recommendations, it may be time to rethink your partnership. Cybersecurity is too important to take lightly.
WEBIT Services is passionate about quality cybersecurity practices and education. It has educated and assisted hundreds of clients in the greater Chicago area for over 25 years.
If you are looking for a new IT provider, schedule a free 30-minute consultation to see how WEBIT can help.
If you're not ready to make a commitment but would like to learn more about cybersecurity, we recommend the following articles:
- 7 Tips for building a culture of cybersecurity
- Is my business secure? | 6 cybersecurity practices to know
- CIS and NIST | How frameworks affect cybersecurity
- CIS and NIST frameworks | Why they matter in a risk assessment
- Two-factor authentication: what it is and how it protects your organization
- Cybersecurity Risk Levels: Where do you draw the line?
- What is an incident response plan, and do you need one?
